Overview
- Apple released patches for two WebKit flaws in iOS 26.2 and iOS 18.7.3 on December 12, 2025, and is urging users to update and then restart devices.
- The company says the vulnerabilities were used in highly targeted, extremely sophisticated campaigns that can execute code via malicious web content, including potential zero‑click vectors.
- Adoption of iOS 26 remains low or uncertain in tracking data, and analysts report that hundreds of millions of iPhones may still be unpatched.
- Security agencies including France’s ANSSI and the U.S. NSA advise fully powering down iPhones at least weekly using hardware buttons, warning that software-style reboots can be unreliable.
- Experts note that restarts can clear only non‑persistent, memory‑resident spyware, so installing the patched iOS is the reliable fix, and devices capable of iOS 26 cannot stay protected on iOS 18 alone.